2025-04-03
Microsoft Security
Threat actors leverage tax season to deploy tax-themed phishing campaigns
Malwarebytes
Popular VPNs are routing traffic via Chinese companies, including one with link to military
Github Security Blog
Localhost dangers: CORS and DNS rebinding
Schneier on Security
Web 3.0 Requires Data Integrity
Google Safety & Security
Read Google DeepMind’s new paper on responsible artificial general intelligence (AGI).
Talos Intelligence
One mighty fine-looking report
CrankySec
What can possibly go wrong?
ReversingLabs
Malicious Python packages target popular Bitcoin library
Offensive Security
AI Penetration Testing: How to Secure LLM Systems
The Citizen Lab
The Citizen Lab’s Director Dissects Spyware and the ‘Proliferating’ Market for It (The Record)
The Citizen Lab
The United States is Putting the United States in Danger
The Citizen Lab
The U.S. Wants Canada to Become A Police State
Dark Reading
China-Linked Threat Group Exploits Ivanti Bug
Dark Reading
Social Engineering Just Got Smarter
Ars Technica Security
Google unveils end-to-end messages for Gmail. Only thing is: It’s not true E2EE.
Sansec Threat Research
Found defunct.dat on your site? You've got a problem.
Searchlight Cyber
How to Improve Incident Response with Attack Surface Management
2025-04-02
Evan Connelly
Hacking the Call Records of Millions of Americans
Schneier on Security
Rational Astrologies and Security
SentinelOne
The Overlooked Six | AWS Security Blind Spots
Datadog HQ
Reduce costs and enhance security with cross-region Datadog connectivity using AWS PrivateLink
Amazon Security
AWS achieves Cloud Security Assurance Program (CSAP) low-tier certification in AWS Seoul Region
Amazon Security
Planning for your IAM Roles Anywhere deployment
Eclypsium
Eclypsium @ RSAC 2025
Meta Security
Meta Open Source: 2024 by the numbers
2025-04-01
Microsoft Security
Transforming public sector security operations in the AI era
Github Security Blog
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
Mozilla Security
Updated GPG key for signing Firefox Releases
Fastly
#hugops for vibe coders
Schneier on Security
Cell Phone OPSEC for Border Crossings
Elastic Security Labs
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective
Hunt and Hackett
The Evolving Threat of OT: Do You Know Your Weak Spots?
Datadog HQ
This Month in Datadog - March 2025
The Citizen Lab
Gender-Based Digital Transnational Repression and the Authoritarian Targeting of Women in the Diaspora
Dark Reading
Google Brings End-to-End Encryption to Gmail
Dark Reading
Check Point Disputes Hacker's Breach Claims
Compass Security Blog
I wannabe Red Team Operator
Palo Alto Networks
Platformization Maximizes Security Efficacy & IT Operations Efficiency
2025-03-31
Microsoft Security
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
Microsoft Security
New innovations in Microsoft Purview for protected, AI-ready data
Malwarebytes
Why we’re no longer doing April Fools’ Day
Malwarebytes
A week in security (March 24 – March 30)
Schneier on Security
The Signal Chat Leak and the NSA
Talos Intelligence
Beers with Talos: Year in Review episode
Talos Intelligence
Available now: 2024 Year in Review
Kevin Beaumont
Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
Meta Security
Mobile GraphQL at Meta in 2025
White Knight Labs
Windows Kernel Buffer Overflow
Dark Reading
Oracle Cloud Users Urged to Take Action
Dark Reading
Trend Micro Open Sources AI Tool Cybertron
Dark Reading
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
Bishop Fox Security
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood
Krebs on Security
How Each Pillar of the 1st Amendment is Under Attack
2025-03-30
Troy Hunt
Weekly Update 445
Ars Technica Security
FBI raids home of prominent computer scientist who has gone incommunicado
2025-03-28
Schneier on Security
Friday Squid Blogging: Squid Werewolf Hacking Group
Schneier on Security
AIs as Trusted Third Parties
Talos Intelligence
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Amazon Security
AWS continues to support government cloud security and shape FedRAMP’s evolution toward automated compliance
Dark Reading
GSA Plans FedRAMP Revamp
Dark Reading
Evilginx Tool (Still) Bypasses MFA
Dark Reading
Oracle Still Denies Breach as Researchers Persist
Dark Reading
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market
Dark Reading
SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks
Dark Reading
Malaysia PM Refuses to Pay $10M Ransomware Demand
Dark Reading
Navigating Cyber-Risks and New Defenses
Ars Technica Security
Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII
Ars Technica Security
Gemini hackers can deliver more potent attacks with a helping hand from… Gemini
Palo Alto Networks
Addressing Federal Cybersecurity Challenges in the Cloud Era
Searchlight Cyber
Russian Zero-Day Seller Offers $4m For Exploits in Telegram
TrustedSec
MCP: An Introduction to Agentic Op Support